Topic: Turn gateway into a transparent proxy

Hi. Using VASM on VectorLinux LITE, a gateway has been set up so all PCs in a local network access the internet through this gateway. Now there is a VPN proxy running in the gateway box at 127.0.0.1:9666, so any application running in the gateway can be manually set up to go through this proxy.

How can all access to the internet through the gateway be forced to go through this proxy?

Note: the VPN proxy requires X to run, so it is not available when /etc/rc.d/rc.firewall is executed, if that makes any difference.

For ports that you want to go through your proxy, remove them from line 67 (PORT_FORWARD=) of your rc.firewall. For example, you would likely want to remove http, https, 8080, and possibly ftp/ftp-data. Anything set in this variable will be forwarded over NAT without touching your proxy rule.

Now go down into the firewall_forward() function, which begins at line 159. Lines 186-194 encompass the control structures that set up forwarding for each of the ports in the PORT_FORWARD variable, so right below here would be a good place to add your iptables rule for redirecting to the proxy. Going by the examples nearby there, I think we should modify your iptables redirection rule, for consistency with other rules in rc.forward, to something similar to this:
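
An added example, not the rule from the reply above and not code from rc.firewall: a dry-run generator for the nat-table REDIRECT rules that send LAN traffic on the ports removed from PORT_FORWARD to the proxy port 9666. The interface name `eth1`, the port list and all function names are assumptions. REDIRECT rewrites the destination to the gateway's primary address on the incoming interface, so a proxy bound only to 127.0.0.1 will not receive these connections unless it also listens on the LAN address, and it must accept intercepted (non-proxy-aware) connections.

```shell
#!/bin/sh
# Added example: emit iptables REDIRECT rules for a local transparent proxy.
# LAN_IF and PROXY_PORTS are assumed values; 9666 is the port from the question.
LAN_IF="${LAN_IF:-eth1}"                    # assumed LAN-facing interface
PROXY_PORT="${PROXY_PORT:-9666}"            # proxy port on the gateway
PROXY_PORTS="${PROXY_PORTS:-80 443 8080}"   # ports taken out of PORT_FORWARD

# Succeeds only for a decimal TCP port in 1..65535.
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Print one iptables command per destination port; non-zero exit on bad input.
# Usage: proxy_redirect_rules <lan-if> <proxy-port> <dport>...
proxy_redirect_rules() {
    _if="$1"; _to="$2"; shift 2
    valid_port "$_to" || { echo "bad proxy port: $_to" >&2; return 1; }
    for _p in "$@"; do
        valid_port "$_p" || { echo "bad port: $_p" >&2; return 1; }
        echo "iptables -t nat -A PREROUTING -i $_if -p tcp --dport $_p -j REDIRECT --to-ports $_to"
    done
}

# Dry run by default: rules are printed. With APPLY=1 (as root) they are executed.
apply_proxy_redirect() {
    proxy_redirect_rules "$LAN_IF" "$PROXY_PORT" $PROXY_PORTS | while read -r _rule; do
        if [ "${APPLY:-0}" = 1 ]; then $_rule; else echo "$_rule"; fi
    done
}

apply_proxy_redirect
```

Because the rules match only in PREROUTING on the LAN interface, traffic generated on the gateway itself (including the proxy's own outbound connections) is not redirected back into the proxy.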